On Fri, 15 Sep 2017, William Stein wrote:
Good idea. And if anybody does write in here, please precisely define your
security/threat model before writing anything else... since otherwise the
discussion is worthless.
This is very much theoretical.
But suppose that we use Sage to compute a Hamiltonian path of given graph
and have our own www-page for inputting the graph. Now, if there is a bug
in .hamiltonian_path(), it may lead to a security break.
So about every program can be a security problem. For example there has
been a bug in "bc" in some Linux distribution. And I have used bc as an
example of using xinetd to make a simple listener for telnet connections.
Fortunately the bug was corrected before my example.
--
Jori Mäntysalo
